I'm working on a PowerShell script to assign users Office 365 licenses based on group (security group). So, I have created an app registration and assigned the required API permissions.
When I try to run my script, I get the error below:
Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At line:1 char:1
Invoke-RestMethod -Uri $uri -Body $body -ContentType "application/jso ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Below is the entire script:
$connectiondetails = @{
    # These IDs and the secret are present in the overview and certificates & secrets page of our application in Azure AD
    # Tenant ID here
    'tenantid' = ""
    # Application (client) ID here
    'clientid' = ""
    # Secret id here
    'ClientSecret' = "" | ConvertTo-SecureString -AsPlainText -Force
}
$token = Get-MsalToken @connectiondetails
$tokenid_ = $token.AccessToken
# $uri = "https://graph.microsoft.com/v1.0/groups"
# $grp = Invoke-RestMethod -Uri $uri -Headers @{Authorization=("bearer {0}" -f $tokenid_)}
# $grp
$uri = "https://graph.microsoft.com/v1.0/groups/ffbabc6f-aa87-40f3-8665-9d140e4a7adb/assignLicense"
$body = "{""SkuId"":""cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46""}"
# assign license call
Invoke-RestMethod -Uri $uri -Body $body -ContentType "application/json" -Method post -Headers @{Authorization=("bearer {0}" -f $tokenid_)}
Permissions assigned to the app
I need assistance to know what I am doing wrong. Thank you.
CodePudding user response:
The body for the request to add license requires addLicenses property with permissions Group.ReadWrite.All and Directory.ReadWrite.All.
{
    "addLicenses": [
        {
            "skuId": "cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46"
        }
    ],
    "removeLicenses": []
}
PS
$uri = "https://graph.microsoft.com/v1.0/groups/ffbabc6f-aa87-40f3-8665-9d140e4a7adb/assignLicense"
# create json object
$data = @{
    "addLicenses" = @(
        @{
            "skuId" = "cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46"
        }
    )
    "removeLicenses" = @()
}
# convert to JSON-formatted string
$body = $data | ConvertTo-Json
# assign license call
Invoke-RestMethod -Uri $uri -Body $body -ContentType "application/json" -Method post -Headers @{Authorization=("bearer {0}" -f $tokenid_)}
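The answer above names two permissions, Group.ReadWrite.All and Directory.ReadWrite.All. As an added example (not part of the original posts), the following decodes the payload of an app-only access token and reports which of those permissions are absent from its `roles` claim. The function names and the sample token are constructed for illustration; with a real token, pass `$token.AccessToken` from the question's script.

```powershell
# Added example: inspect the 'roles' claim of an app-only access token.
# Diagnostic only: this decodes the payload and does NOT validate the signature.
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT (expected 3 dot-separated parts)." }
    # base64url -> base64: swap the URL-safe characters and restore padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw "Invalid base64url length in JWT payload." }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Get-MissingAppRole {
    param(
        [Parameter(Mandatory)][string]$Jwt,
        [Parameter(Mandatory)][string[]]$Required
    )
    # An absent 'roles' claim yields an empty match, so every required role is reported missing.
    $granted = @((Get-JwtPayload -Jwt $Jwt).roles)
    return @($Required | Where-Object { $granted -notcontains $_ })
}

# Constructed sample token (unsigned, placeholder values) so the check runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$sampleJwt = '{0}.{1}.{2}' -f (ConvertTo-Base64Url '{"alg":"none"}'),
    (ConvertTo-Base64Url '{"aud":"https://graph.microsoft.com","roles":["Group.ReadWrite.All"]}'),
    'constructed-signature'

# With a real token, use $token.AccessToken instead of $sampleJwt.
$missing = @(Get-MissingAppRole -Jwt $sampleJwt -Required 'Group.ReadWrite.All', 'Directory.ReadWrite.All')
if ($missing.Count -gt 0) {
    Write-Warning ("Token lacks application permissions: {0}" -f ($missing -join ', '))
} else {
    Write-Output "Token carries both permissions; assignLicense can be called."
}
```

For the constructed token this reports Directory.ReadWrite.All as missing. Application permissions appear in `roles` only after admin consent has been granted and a new token has been requested.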